Skip to content

dropbear | Cheatsheet

Dropbear is a software package written by Matt Johnston that provides a Secure Shell-compatible server and client. It is designed as a replacement for standard OpenSSH for environments with low memory and processor resources, such as embedded systems. It is a core component of OpenWrt and other router distributions.

Install net-misc/dropbear and sec-keys/openpgp-keys-dropbear

emerge --ask net-misc/dropbear sec-keys/openpgp-keys-dropbear

??? Note "Simple script to remove backdoors on Tilgin Routers (works for personal setups as well)

#! /bin/sh
# Remove backdoor keys and create our own for dropbear
# Copyright (C) 2023 wuseman
# Author: wuseman <>
# $Id: 2023-01-05 01:24:00+0100 wuseman $

function dropbearServer() {
rm /var/miscA/dropbear_rsa_host_key
rm /var/miscA/dropbear_dss_host_key
mkdir -p /etc/dropbear
mknod -m 644 /dev/random c 1 8
mknod -m 644 /dev/urandom c 1 9

/usr/bin/dropbearkey -t rsa -s 2048 -f /etc/dropbear/dropbear_rsa_host_key
/usr/bin/dropbearkey -t dss -s 1024 -f /etc/dropbear/dropbear_rsa_host_key
/usr/bin/dropbearkey -t ecdsa -s 521 -f /etc/dropbear/dropbear_ecdsa_host_key

ln -s /etc/dropbear/dropbear_rsa_host_key /var/miscA/dropbear_rsa_host_key
ln -s  /etc/dropbear/dropbear_rsa_host_key /var/misc/dropbear_dss_host_key
ln -s  /etc/dropbear/dropbear_ecdsa_host_key /var/miscA/dropbear_ecdsa_host_kAey

/usr/sbin/dropbear \
  -F \
  -r /var/miscA/dropbear_rsa_host_key \
  -d /var/miscA/dropbear_dss_host_key -p 22

[[ -d "/etc/dropbear" ]] && dropbearServer

# Launch dropbear server Cancel

 /usr/sbin/dropbear \
  -F \
   -r /etc/dropbear/dropbear_rsa_host_key \
   -d /var/miscA/dropbear_dss_host_key \
   -p 22